Firefox Sync/Weave 1.3b5 Client Security Review

The Weave project relies on the passphrase being secret. Compromise of the passphrase would allow an attacker to decrypt the contents stored on the server. Retrieving the public/private key requires that the attacker has the victim's username/password.  


The review of the cryptography was mainly a check for proper implementation of known good algorithms. Weave relies heavily on the NSS library for cryptographic functions. The procedure used to secure user data is documented on the Weave wiki.


Background links
*https://wiki.mozilla.org/Labs/Weave/Crypto
*https://wiki.mozilla.org/Labs/Weave/Developer/Crypto


The glue code for the crypto bindings can be found in the crypto/ folder. This includes the code to check and load the appropriate NSS library. A subset of the NSS API is exposed to the extension, including functionality for SHA256, AES and RSA keypair generation.  


The wrapper functions for the Weave client are located in modules/base_records/crypto.js. Weave generates a separate IV for each WBO in the initial encryption process. This also leads to a new IV being generated when an entry is updated. An HMAC is used to detect data tampering. The user's passphrase is stored in the Firefox password manager, but never transmitted over the wire.
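The per-record IV and HMAC check described above, as an added Node.js example that is not Weave's code and not part of the original review. It assumes AES-256-CBC, HMAC-SHA256 computed over the IV and ciphertext, and random demo keys; `sealRecord`, `openRecord` and `demo` are hypothetical names.

```javascript
// Added illustration, not Weave code. Cipher mode, MAC input and key
// handling are assumptions made for this example.
const crypto = require('crypto');

// Encrypt one record (standing in for a WBO payload) under a fresh random IV,
// then MAC the IV and ciphertext so any modification is detectable.
function sealRecord(plaintext, encKey, macKey) {
  const iv = crypto.randomBytes(16); // new IV on every call, including updates
  const cipher = crypto.createCipheriv('aes-256-cbc', encKey, iv);
  const ct = Buffer.concat([cipher.update(plaintext, 'utf8'), cipher.final()]);
  const hmac = crypto.createHmac('sha256', macKey).update(iv).update(ct).digest('hex');
  return { iv: iv.toString('base64'), ciphertext: ct.toString('base64'), hmac };
}

// Verify the HMAC before decrypting; return null on any mismatch.
function openRecord(record, encKey, macKey) {
  const iv = Buffer.from(record.iv, 'base64');
  const ct = Buffer.from(record.ciphertext, 'base64');
  const expected = crypto.createHmac('sha256', macKey).update(iv).update(ct).digest();
  const given = Buffer.from(record.hmac, 'hex');
  if (given.length !== expected.length || !crypto.timingSafeEqual(given, expected)) {
    return null; // tampered or truncated record: do not decrypt
  }
  const decipher = crypto.createDecipheriv('aes-256-cbc', encKey, iv);
  return Buffer.concat([decipher.update(ct), decipher.final()]).toString('utf8');
}

// Constructed demo: random keys stand in for the keys a client would hold.
function demo() {
  const encKey = crypto.randomBytes(32);
  const macKey = crypto.randomBytes(32);
  const payload = '{"title":"bookmark"}'; // constructed sample record
  const first = sealRecord(payload, encKey, macKey);
  const updated = sealRecord(payload, encKey, macKey); // same data, re-encrypted
  const flipped = Buffer.from(first.ciphertext, 'base64');
  flipped[0] ^= 1; // single-bit change, as a modified stored record would show
  return {
    ivsDiffer: first.iv !== updated.iv,
    ciphertextsDiffer: first.ciphertext !== updated.ciphertext,
    roundTrip: openRecord(first, encKey, macKey),
    tampered: openRecord({ ...first, ciphertext: flipped.toString('base64') }, encKey, macKey),
    swappedIv: openRecord({ ...first, iv: updated.iv }, encKey, macKey),
  };
}
```

Because the IV is covered by the HMAC, replacing a record's IV with one taken from another record is rejected in the same way as a changed ciphertext.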


The overall crypto implementations in crypto/WeaveCrypto.js appeared to be sound.